[lxc-users] Networking not working in unconfined overlayfs container

Frederico Araujo araujof at gmail.com
Wed Oct 14 15:34:56 UTC 2015


Hi Serge,

I used the released version of vivid; I will set up another VM to test it on
vivid-proposed (likely during the weekend) and get back to you asap.

Thanks,
Fred


On Mon, Oct 12, 2015 at 11:58 AM, Serge Hallyn <serge.hallyn at ubuntu.com>
wrote:

> Hi,
>
> before I try to reproduce this, can you confirm whether using the
> kernel from vivid-proposed fixes it?
>
> Quoting Frederico Araujo (araujof at gmail.com):
> > Hi Serge,
> >
> > Yes, I downloaded a fresh template for ubuntu and its overlay clones start
> > okay, and I'm able to attach and run commands on them. However, eth0 has no
> > IP assigned when unconfined.
> >
> > I think the problem might be related to changes in systemd (I'm using
> > version 219) and overlayfs on vivid. I do see many permission denied
> > messages in the boot logs of the container (please see attached an example
> > output), but couldn't find much help online.
> >
> > lxc-attach -n test -- ifconfig -a
> > eth0      Link encap:Ethernet  HWaddr 00:16:3e:23:59:24
> >           inet6 addr: fe80::216:3eff:fe23:5924/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:29 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:4285 (4.2 KB)  TX bytes:648 (648.0 B)
> >
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1  Mask:255.0.0.0
> >           inet6 addr: ::1/128 Scope:Host
> >           UP LOOPBACK RUNNING  MTU:65536  Metric:1
> >           RX packets:24 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:1888 (1.8 KB)  TX bytes:1888 (1.8 KB)
> >
> > lxc-attach -n test -- ps -ef
> > UID        PID  PPID  C STIME TTY          TIME CMD
> > root         1     0  0 15:45 ?        00:00:00 /sbin/init
> > root       352     1  0 15:45 ?        00:00:00 /lib/systemd/systemd-journald
> > root       613     1  0 15:45 ?        00:00:00 /usr/sbin/cron -f
> > syslog     673     1  0 15:45 ?        00:00:00 /usr/sbin/rsyslogd -n
> > root       710     1  0 15:45 ?        00:00:00 /usr/sbin/sshd -D
> > root       760     1  0 15:45 pts/1    00:00:00 /sbin/agetty --noclear --keep-baud pts/1 115200 38400 9600 vt220
> > root       770     1  0 15:45 lxc/console 00:00:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 v
> > root       780     1  0 15:45 pts/2    00:00:00 /sbin/agetty --noclear --keep-baud pts/2 115200 38400 9600 vt220
> > root       790     1  0 15:45 pts/0    00:00:00 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
> > root       800     1  0 15:45 pts/3    00:00:00 /sbin/agetty --noclear --keep-baud pts/3 115200 38400 9600 vt220
> > root       913     0  0 15:50 pts/2    00:00:00 ps -ef
> >
> > Thanks!
> >
> > Best,
> > Fred
> >
> >
> > On Mon, Oct 5, 2015 at 11:49 AM, Serge Hallyn <serge.hallyn at ubuntu.com>
> > wrote:
> >
> > > Quoting Frederico Araujo (araujof at gmail.com):
> > > > Hi,
> > > >
> > > > I've been using LXC for over two years without problems. This week, I
> > > > upgraded my Ubuntu from Trusty to Vivid, and I noticed that my overlayfs
> > > > containers stopped getting IP assigned. In my machine the error can be
> > > > reproduced in this way:
> > > >
> > > > 1. lxc-create -n base -t ubuntu
> > >
> > > Do you have this problem if you use the download template?
> > >
> > > > 2. Edit ubuntu/config to add  lxc.aa_profile = unconfined
> > >
> > > interesting that it has to be unconfined.
> > >
> > > if you tail -f /var/log/syslog and then start the container, does
> > > the tail -f output show any DENIED messages?
> > >
> > > > 3. lxc-clone -s -B overlayfs ubuntu tmp
> > >
> > > Does the 'ubuntu' container start ok?
> > >
> > > > 4. lxc-start -n tmp -d
> > > > 5. lxc-ls -f shows:
> > > >
> > > > NAME                       STATE    IPV4        IPV6  GROUPS  AUTOSTART
> > > > -----------------------------------------------------------------------
> > > > tmp                        RUNNING  - *(no IP)*   -     -       NO
> > > > ubuntu                     STOPPED  -           -     -       NO
> > >
> > > Are you able to lxc-attach -n tmp and look around?  what does 'ps -ef'
> > > and 'ifconfig -a' show?
> > >
> > > > Interestingly, I don't run into this issue when running the container in
> > > > confined mode (without lxc.aa_profile = unconfined). I checked past threads
> > > > in this list and in launchpad, and noticed that some people had problems
> > > > with overlayfs when upgrading to vivid, but it seems that these problems
> > > > were fixed in LXC 1.1 release. I'm running on LXC 1.1.2.
> > > >
> > > > Any thoughts?
> > > >
> > > > Thanks,
> > > > Fred
> > >
> > > > _______________________________________________
> > > > lxc-users mailing list
> > > > lxc-users at lists.linuxcontainers.org
> > > > http://lists.linuxcontainers.org/listinfo/lxc-users
>
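
The check Serge suggests earlier in the thread (looking for DENIED messages in /var/log/syslog while the container starts) can be made repeatable by summarising the AppArmor denial records instead of reading them by eye. This is an added example, not part of the original messages: the function names, the sample log lines and the `example-profile` name are constructed for illustration.

```shell
#!/bin/sh
# Count AppArmor denials per (profile, operation, name) in a syslog-format file.

summarise_denials() {
    # $1: path to the log file to scan
    grep 'apparmor="DENIED"' "$1" | awk '
    # Strip the key= prefix and the surrounding quotes from one audit field.
    function val(s) { sub(/^[^=]*=/, "", s); gsub(/"/, "", s); return s }
    {
        profile = op = name = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^profile=/)   profile = val($i)
            if ($i ~ /^operation=/) op = val($i)
            if ($i ~ /^name=/)      name = val($i)
        }
        count[profile " " op " " name]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample records (not taken from the thread) for an offline run.
write_sample_log() {
    cat > "$1" <<'EOF'
Oct 12 15:45:01 host kernel: [  100.000001] audit: type=1400 audit(1444664701.100:41): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=2101 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw"
Oct 12 15:45:01 host kernel: [  100.000002] audit: type=1400 audit(1444664701.101:42): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=2101 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw"
Oct 12 15:45:02 host kernel: [  101.000000] audit: type=1400 audit(1444664702.200:43): apparmor="DENIED" operation="open" profile="example-profile" name="/proc/2150/net/dev" pid=2150 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct 12 15:45:03 host kernel: [  102.000000] audit: type=1400 audit(1444664703.300:44): apparmor="STATUS" operation="profile_load" profile="unconfined" name="example-profile" pid=2200 comm="apparmor_parser"
Oct 12 15:45:04 host cron[613]: (CRON) INFO (constructed non-audit line)
EOF
}

log=$(mktemp)
write_sample_log "$log"
summarise_denials "$log"
rm -f "$log"
```

On the host, `summarise_denials /var/log/syslog` run once before and once after `lxc-start` shows which profile and operation gained denials during container boot.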